On Thu, Jan 26, 2006 at 01:31:04AM -0500, [EMAIL PROTECTED] wrote:
> On Thursday, January 26, 2006, at 00:53AM, Ted Unangst <[EMAIL PROTECTED]>
> wrote:
>
> >On 1/25/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >> 3.9 beta was not fun for me, so I am reinstalling to 3.8 -Stable.
> >> For whatever reason I forgot that securelevel was set to 2, but
> >> 'make build' is running alright at the moment.
> >>
> >> Can I also compile ports with securelevel set to 2? Does someone
> >> know of a port where I must decrease the securelevel? Usually I
> >> install at least nano, tcsh, and kermit.
> >
> >you can do everything except make release. which means you should ask
> >why you even bother with securelevel 2. if you don't know what it
> >does, don't fiddle with it.
>
> I am *learning* what it does. :)
> I am planning on make release for tomorrow.
> Things are great- thanks.
You might want to read a little about the recent polemic surrounding
securelevels. Basically, they work, but files that are supposed to be
unchangeable can be made inaccessible by (transparently?) mounting a
filesystem on top. This was fixed in, for instance, NetBSD by
disallowing mounts; Theo said that it wouldn't be fixed in OpenBSD, as
'securelevels are useless', prompting a response from, amongst others,
securityfocus.com, which prompted a response from undeadly.org, and so
on.
That is not to say that securelevels do not restrict some things;
however, whether they are actually useful is questionable. Certainly,
time spent on tuning them may be better spent elsewhere.
Joachim
